In information technology (IT) security, access permissions are expressed as tuples (O, R) that specify the authorization to perform the operation O on the resource R. Examples of operations include read, write, and execute; examples of resources include files, database records, or World Wide Web services.
Access permissions are typically assigned to users to grant them the right to perform the specified operation on the specified resource. In role-based access control (RBAC), access permissions are first assigned to roles, and these roles are then assigned to users. The NIST standard for RBAC (D. Ferraiolo, R. Sandhu, S. Gavrila, D. Kuhn, and R. Chandramouli. Proposed NIST standard for role-based access control. TISSEC, 2001) includes further elements, such as sessions and role hierarchies. In IT systems, it is not unusual for new users to be added and for existing users to change their roles frequently. New users and users whose roles have changed need to be assigned new permissions. As many users are added and roles changed, it may become difficult to keep track of the users and their permissions and to update them manually. Accordingly, it is desirable to have a system and method that assigns permissions automatically.
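The following added example (not part of the original text) models permissions as (O, R) tuples assigned to roles, derives a user's permissions from their roles, and reports which permissions are granted and revoked when a user is added or changes role. The role, user and resource names are constructed for illustration, and sessions and role hierarchies are not modelled.

```python
from dataclasses import dataclass, field

# A permission is the tuple (O, R): operation O on resource R.
Permission = tuple[str, str]


@dataclass
class RBAC:
    role_perms: dict[str, set[Permission]] = field(default_factory=dict)
    user_roles: dict[str, set[str]] = field(default_factory=dict)

    def grant(self, role: str, operation: str, resource: str) -> None:
        """Assign the permission (operation, resource) to a role."""
        self.role_perms.setdefault(role, set()).add((operation, resource))

    def effective(self, user: str) -> set[Permission]:
        """Union of the permissions of every role the user holds."""
        perms: set[Permission] = set()
        for role in self.user_roles.get(user, set()):
            perms |= self.role_perms[role]
        return perms

    def set_roles(self, user: str, roles: set[str]):
        """Replace a user's roles; return (granted, revoked) permissions."""
        unknown = set(roles) - set(self.role_perms)
        if unknown:
            # Fail closed: never record a role that has no definition.
            raise KeyError(f"undefined roles: {sorted(unknown)}")
        before = self.effective(user)
        self.user_roles[user] = set(roles)
        after = self.effective(user)
        return after - before, before - after

    def check(self, user: str, operation: str, resource: str) -> bool:
        """Default deny: allowed only if some role carries (O, R)."""
        return (operation, resource) in self.effective(user)


def build_example() -> RBAC:
    """Constructed sample policy: two roles and one existing user."""
    rbac = RBAC()
    rbac.grant("clerk", "read", "invoices.db")
    rbac.grant("clerk", "write", "invoices.db")
    rbac.grant("auditor", "read", "invoices.db")
    rbac.grant("auditor", "read", "audit.log")
    rbac.set_roles("alice", {"clerk"})
    return rbac
```

Because permissions are recomputed from role membership, a role change revokes only what no remaining role still grants: moving `alice` from `clerk` to `auditor` removes write access to `invoices.db` while read access is retained.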